
PASSWORD BASED AUTHENTICATION FOR E-VOTING SYSTEM USING PRETTY GOOD PRIVACY

Abstract: E-voting is an emerging trend in electing representatives in our society. It is a sophisticated technology which reaches every common man in the society. Nowadays, the internet provides essential communication between tens of millions of people and is being increasingly used as a tool for commerce. Obviously, an e-voting system becomes the better choice to implement in this modern era. Any e-voting system is based on a particular e-voting protocol. One of the new properties of our proposed system is protection of the voter's identity from authorities while at the same time acquiring their votes with a high level of security. Communication networks with less bandwidth can also use our protocol to implement the e-voting system efficiently.

Introduction: E-voting provides many benefits to all democratic countries. It affords convenience to voters and easy maintenance of polled votes using a separate database in the server. Any protocol should meet certain basic criteria to run an efficient e-voting system. Some of them are eligibility, privacy and individual verifiability of voters. In addition, it needs to verify the accuracy and fairness of the system. Eligibility means that all voters are eligible and each voter can cast only one vote. The vote of a particular voter should be kept confidential; this is known as privacy. Every voter can know whether his/her vote was really counted; this property is known as individual verifiability. Before counting the polled votes, the system should ensure eligibility and the uniqueness of each voter's key, to overcome the duplication of votes. The system should also maintain fairness by not revealing the results early, as that could influence the remaining voters. To increase the level of security we have to include certain other criteria to strengthen our protocol. For example, after the announcement of results, anyone can review the functioning of the voting process and the final result.

PRETTY GOOD PRIVACY (PGP): In this paper we have selected the best available cryptographic algorithms as building blocks. Pretty Good Privacy (PGP) provides a confidentiality and authentication service that can be used for electronic mail and file storage applications. PGP has grown explosively and is now widely used. For instance, it can run on a variety of platforms such as Windows, UNIX, Macintosh and many more. Usually, the PGP package contains RSA, DSS and Diffie-Hellman for public key encryption; CAST-128, IDEA and 3DES for symmetric encryption; and SHA-1 for hash coding. PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and, finally, public-key cryptography; each step uses one of several supported algorithms. It has vast applications, such as in corporations, where standardized encryption of files is needed for digital communication, and for individual users who need to send messages and wish to communicate securely with others over the internet.

Let us now briefly visit the operation of the PGP protocol in a secure e-mail system.

Symmetric Key Encryption: Symmetric key encryption is a primitive system in which encryption and decryption are done using the same key (private key). It is also called secret key encryption. First the sender uses his private key to encrypt the message, and this key should be securely distributed to the receiver(s) so that they can decrypt the encrypted message using the received private key. Hence it is popularly called symmetric key encryption. In this process the encrypted message is sent as cipher text. Symmetric key encryption is of two types: stream cipher and block cipher. Stream ciphers operate on a single bit (byte or computer word) at a time and implement some form of feedback mechanism so that the key is constantly changing. A block cipher is so called because the scheme encrypts one block of data at a time using the same key on each block. In general, the same plaintext block will always encrypt to the same cipher text when using the same key in a block cipher, whereas the same plaintext will encrypt to different cipher text in a stream cipher. The only discrepancy of this system is the key distribution. The secret key method provides the fastest decryption. Another advantage of the private key method is the process known as digital signing. A digital signature is used to verify the origin of the message of the sender. It is used to resolve any authentication issues between sender and receiver. Some examples of symmetric key cryptographic algorithms are Blowfish, Twofish, Camellia, etc.

Asymmetric key Encryption: Public-key cryptography has been said to be the most significant development in cryptography. In this encryption system, the sender encrypts the message using the receiver's public key and the message is sent to the receiver as cipher text. The receiver decrypts the received message using his private key.
Since a pair of keys is required, this approach is called asymmetric cryptography. The significant point here is that it does not matter which key is applied first, but that both keys are required for the process to work. In public key cryptography, the public key may be advertised as widely as the owner wants. The private key is never revealed to another party. Usually, for confidentiality of the message, we encrypt the message using the receiver's public key and the receiver uses his private key to decrypt it. But when authentication is required, the sender uses his own private key to encrypt the message and the receiver can decrypt it using the sender's public key. Depending on the application, the sender uses either the sender's private key or the receiver's public key to encrypt the message he has to send.

Encryption/decryption: The sender encrypts a message with the recipient's public key.
Digital signature: The sender signs a message with his private key. Signing is achieved by a cryptographic algorithm applied to the message or to a small block of data that is a function of the message.
Key exchange: Two sides cooperate to exchange a session key. Several different approaches are possible, involving the private key(s) of one or both parties.

Several algorithms have been proposed for public key cryptosystems. Among them the most popular algorithm is RSA, which can do encryption/decryption, digital signature and key exchange. Similarly, the elliptic curve algorithm can also do all of the above tasks, while the Diffie-Hellman algorithm is used for key exchange and DSS for digital signature.

The RSA Algorithm: Obviously we need to find algorithms that indeed satisfy all the above three requirements. One appreciable method was discovered by a group of three discoverers (Rivest, Shamir, Adleman): RSA. It has survived all brutal attacks from cryptanalysts for more than a quarter of a century. A major disadvantage of RSA is that it requires keys of at least 1024 bits for good security, which makes it quite slow.

HASH FUNCTION: Hash functions, also called message digests and one-way encryption, are algorithms that use no key. Instead, a fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered. Hash algorithms are typically used to provide a digital fingerprint of a file's contents, often used to ensure that the file has not been altered by an intruder or virus. Hash functions are also commonly employed by many operating systems to encrypt passwords. Hash functions, then, provide a measure of the integrity of a file.

Operational description of PGP: The actual operation of PGP, as opposed to the management of keys, consists of five services: authentication, confidentiality, compression, e-mail compatibility and segmentation. Let us now have a brief view of the PGP services. Refer to Dig (1) for an easy understanding of the authentication process.

Authentication: It includes the following steps:
1) The sender creates the message.
2) SHA-1 is used to generate a 160-bit hash code of the message.
3) The hash code is encrypted with RSA using the sender's private key and the result is prepended to the message.
4) The receiver uses RSA with the sender's public key to decrypt and recover the hash code.
5) The receiver generates a new hash code for the message and compares it with the decrypted hash code. If the two match, the message is accepted as authentic.

The combination of SHA-1 and RSA provides an effective digital signature scheme. Because of the strength of RSA, the recipient is assured that no one else could generate a new message that matches the hash code and, hence, the signature of the original message.

Dig (1) AUTHENTICATION Reference: EP - Public key encryption; K1 - Private key of sender; DP - Public key decryption; K2 - Public key of sender

Although signatures normally are found attached to the message or file that they sign, this is not always the case: detached signatures are supported. A detached signature may be stored and transmitted separately from the message it signs. This is useful in several contexts. A user may wish to maintain a separate signature log of all messages sent or received. A detached signature of an executable program can detect subsequent virus infection. Finally, detached signatures can be used when more than one party must sign a document, such as a legal contract. Each person's signature is independent and therefore is applied only to the document. Otherwise signatures would have to be nested, with the second signer signing both the document and the first signature, and so on.

Confidentiality: Another basic service provided by PGP is confidentiality, which is provided by encrypting messages to be transmitted or to be stored locally as files. In both cases the symmetric encryption algorithm CAST-128 may be used. Alternatively, IDEA or 3DES may be used. One must always cater to the problem of key distribution. In PGP, each symmetric key is used once. That is, a new key is generated as a random 128-bit number for each message. Thus, although this is referred to in the documentation as a session key, it is in reality a one-time key. Because it is to be used only once, the session key is bound to the message and transmitted with it. To protect the key, it is encrypted with the receiver's public key. Dig (2) explains how confidentiality is supported by PGP. It can be described as follows:
1. The sender generates a message and a random 128-bit number to be used as a session key for this message only.
2. The message is encrypted, using CAST-128 (or IDEA or 3DES) with the session key.
3. The session key is encrypted with RSA, using the recipient's public key, and is prepended to the message.
4. The receiver uses RSA with its private key to decrypt and recover the session key.
5. The session key is used to decrypt the message.

As an alternative to the use of RSA for key encryption, PGP provides an option referred to as Diffie-Hellman. It is a key exchange algorithm. In fact, PGP uses a variant of Diffie-Hellman that does provide encryption/decryption, known as ElGamal. To this end, PGP provides the user with a range of key size options from 768 to 3072 bits.

Dig (2) CONFIDENTIALITY Reference: M - Message; Z - Compress; EC - Symmetric encryption; K0 - Session key; || - Concatenation; EP - Public key encryption; K4 - Public key of receiver; K3 - Private key of receiver; DP - Public key decryption; DC - Symmetric decryption

Compression: As a default, PGP compresses a message after applying the signature but before encryption. This has the benefit of saving space both for e-mail transmission and file storage.
1) The signature is generated before compression for two reasons:
a) It is preferable to sign an uncompressed message so that one can store only the uncompressed message together with the signature for future verification. If one signed a compressed document, then it would be necessary either to store a compressed version of the message for later verification or to recompress the message when verification is required.
b) Even if one were willing to generate dynamically a compressed message for verification, the PGP compression algorithm presents a difficulty. The algorithm is not deterministic; various implementations of the algorithm achieve different tradeoffs in running speed versus compression ratio and, as a result, produce different compressed forms. However, these different compression algorithms are interoperable because any version of the algorithm can correctly decompress the output of any other version. Applying the hash function and signature after compression would constrain all PGP implementations to the same version of the compression algorithm.
2) Message encryption is applied after compression to strengthen cryptographic security. Because the compressed message has less redundancy than the original plain text, cryptanalysis is more difficult. Usually the ZIP algorithm is used for compression.

Email compatibility: When PGP is used, at least part of the block to be transmitted is encrypted. If only the signature service is used, then the message digest is encrypted (with the sender's private key). If the confidentiality service is used, the message plus signature (if present) are encrypted (with a one-time symmetric key). Thus, part or all of the resulting block consists of a stream of arbitrary 8-bit octets. However, many electronic mail systems only permit the use of blocks consisting of ASCII text. To accommodate this restriction, PGP provides the service of converting the raw 8-bit binary stream to a stream of printable ASCII characters. The scheme used for this purpose is radix-64 conversion. Each group of three octets of binary data is mapped into four ASCII characters.

On transmission, if it is required, a signature is generated using a hash code of the uncompressed plaintext. Then the plaintext plus signature is compressed. Next, if confidentiality is required, the block is encrypted and prepended with the public-key-encrypted symmetric encryption key. Finally, the entire block is converted to radix-64 format. On reception, the incoming block is first converted back from radix-64 format to binary. Then, if the message is encrypted, the recipient recovers the session key and decrypts the message. The resulting block is then decompressed. If the message is signed, the recipient recovers the transmitted hash code and compares it to its own calculation of the hash code. Dig (3) shows the relationship among the four services so far discussed.

Dig (3.1) Generic transmission diagram.

Dig (3.2) Generic reception diagram.

Reference: Z - Compression; R64 - Radix-64 conversion; EK3 - Encryption using private key of receiver; EK0 - Encryption using session key; K0 - Session key; DK3 - Decryption using private key of receiver; EK4 - Encryption using public key of receiver; D0 - Decryption using session key

Segmentation and reassembly: E-mail facilities often are restricted to a maximum message length. For example, many of the facilities accessible through the internet impose a maximum length of 50,000 octets. Any message longer than that must be broken up into smaller segments, each of which is mailed separately.

To accommodate this restriction, PGP automatically subdivides a message that is too large into segments that are small enough to send via e-mail. The segmentation is done after all of the other processing, including the radix-64 conversion. Thus, the session key component and signature component appear only once, at the beginning of the first segment. At the receiving end, PGP must strip off all e-mail headers and reassemble the entire original block before performing the steps illustrated in Dig (4.2).

Dig (5) General format of PGP message. Components shown: session key component; signature (time stamp, key ID of sender's public key, leading 2 octets of message digest, message digest); message (file name, time stamp, message: user ID of voter, his password and his vote). References: Ek0 - encryption using session key; Ek1 - encryption using private key of voter; Ek4 - encryption using public key of authority; Zip - compression algorithm; R64 - radix-64 conversion

Proposed protocol for e-voting system: As said above, the end users (the voters) will send their vote along with user ID and password as the message to the server. They encrypt their message using the PGP cryptographic technique. The main advantage of PGP is that you don't need to be a techno-dweeb to operate it for encryption/decryption. You do need to have appropriate software, such as iGolder. The original full-version software application costs around $150. The government can provide a limited version of this application to all voters. Let us now see how this protocol suits an e-voting system. [Note: In this paper we refer to the user ID, password and vote together as the message.]

Basic requirements to implement the system: Our e-voting system requires a number of systems, depending on the purpose, and there should be WAN connections to all the systems. At the end-user side, the voters will operate their systems. They will be referred to as clients. The server will be operated by the operators under the supervision of the election authorities.

Main players of voting system: Before the election, the electoral candidates have to register their names in the candidates list. It is the duty of the election authorities to check whether all the candidates are eligible and have paid their deposit money (in the case of political elections) before the candidates list is finalized and released. Then, the voters should register their names in the voters list. Not all can become voters; there may be some conditions depending on the system. For example, only people above the age of 18 are eligible for political voting. Thus, the candidates and voters are the main players of any voting system.

Authorities: We have seen above that voters and candidates are necessary for any voting system. But merely having them alone is of no use. To have a flow of control, authorities are needed. The authorities are the middle-men who support the fairness of the system. They are on neither the voters' side nor the candidates' side. They shall also not allow anything to be done in favour of any particular candidate. So, when appointing an election authority, it is the duty of the government to ensure that he is a trusted person. Since here we are discussing an e-voting system, fairness can be easily checked by not allowing access to the server machines where the polled votes are recorded.

Operators become optional: In any e-voting system, as the authorities are not able to count the votes in the electronic ballot (due to their huge number), a number of operators are deployed under them. Also consider the case of the primitive ballot voting system, where a number of government employees are needed to count the votes. This creates chaos around the vote counting booth. No one knows what is happening here and there. It creates huge pressure for the authorities for maintenance. But in our system no such pressure can arise for the authorities. This is because the authorities can count the votes themselves, owing to the simplicity and reliability of our system.

Benefits for voters:

Preparation phase: It includes the necessary key generation process. PGP makes use of four types of keys: one-time session symmetric keys, public keys, private keys, and passphrase-based symmetric keys. Three separate requirements can be identified with respect to these keys:
1. A means of generating unpredictable session keys is needed.
2. We would allow a user to have multiple public key/private key pairs. One reason is that the user may wish to change his key pair from time to time. When this happens, any messages in the pipeline will be constructed with an obsolete key. There are many advantages in having multiple pairs of keys, but we will not discuss them here. A voter having a single private/public key pair is sufficient to cast his vote.
3. Each PGP entity must maintain a file of its own public/private key pairs as well as a file of public keys of correspondents.

Session key generation: Each session key is associated with a single message and is used only for the purpose of encrypting and decrypting that message. CAST-128 and IDEA use 128-bit keys. Here we discuss CAST-128 encryption. Random 128-bit numbers are generated using the above algorithm. The input to the random number generator consists of a 128-bit key and two 64-bit blocks that are treated as plaintext to be encrypted. Using cipher feedback mode, the CAST-128 encrypter produces two 64-bit blocks, which are concatenated to form the 128-bit session key. The plaintext input to the random number generator, consisting of two 64-bit blocks, is itself derived from a stream of 128-bit randomized numbers. These numbers are based on keystroke input from the user. Both the keystroke timing and the actual keys struck are used to generate the randomized stream.
Thus, if the user hits arbitrary keys at his or her normal pace, a reasonably random input will be generated. This random input is also combined with the previous session key output from CAST-128 to form the key input to the generator. The result, given the effective scrambling of CAST-128, is to produce a sequence of session keys that is effectively unpredictable.

Key identifiers: An encrypted message is accompanied by an encrypted form of the session key. The session key itself is encrypted with the recipient's public key. Hence, only the recipient will be able to recover the session key and therefore recover the message. If each user employed a single public/private key pair, then the recipient would automatically know which key to use to decrypt the session key: the recipient's unique private key. However, we have stated a requirement that any given user may have multiple public/private pairs. The problem arises for the recipient to know which of its public keys was used to encrypt the session key. One solution to the problem would be to transmit the public key with the message. The recipient could then verify that this is indeed one of its public keys, and proceed. This scheme would work, but it is unnecessarily wasteful of space. An RSA public key may be hundreds of decimal digits in length. The other solution would be to associate an identifier with each public key that is unique at least within one user. That is, the combination of user ID of voter and key ID would be sufficient to identify a key uniquely. Then only the much shorter key ID would need to be transmitted. This solution, however, raises a management and overhead problem: key IDs must be assigned and stored so that both sender and recipient could map from key ID to public key. The solution adopted by PGP is to assign a key ID to each public key that is, with very high probability, unique within a user ID. The key ID associated with each public key consists of its least significant 64 bits. That is, the key ID of public key PUa. This is a sufficient length that the probability of duplicate key IDs is very small.

A key ID is also required for the PGP digital signature. Because a sender may use one of a number of private keys to encrypt the message digest, the recipient must know which public key is intended for use. Accordingly, the digital signature component of a message includes the 64-bit key ID of the required public key. When it knows for that sender and then proceeds to verify the signature.

A message consists of three components: the message component, a signature (optional), and a session key component (optional). The message component includes the actual data to be stored or transmitted, as well as a filename and a timestamp that specifies the time of creation. The signature component includes the following:

Timestamp: The time at which the signature was made.
Message digest: The 160-bit SHA-1 digest, encrypted with the sender's private signature key. The digest is calculated over the signature timestamp concatenated with the data portion of the message component. The inclusion of the signature timestamp in the digest assures against replay types of attacks. The exclusion of the filename and timestamp portions of the message component ensures that detached signatures are exactly the same as attached signatures prefixed to the message. Detached signatures are calculated on a separate file that has none of the message component header fields.
Leading two octets of message digest: These enable the recipient to determine if the correct public key was used to decrypt the message digest for authentication, by comparing this plaintext copy of the first two octets with the first two octets of the decrypted digest. These octets also serve as a 16-bit frame check sequence for the message.
Key ID of sender's public key: Identifies the public key that should be used to decrypt the message digest and, hence, identifies the private key that was used to encrypt the message digest.

The message component and optional signature component may be compressed using ZIP and may be encrypted using a session key. The session key component includes the session key and the identifier of the recipient's public key that was used by the sender to encrypt the session key. The entire block is usually encoded with radix-64 encoding.
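The authentication and confidentiality steps above, together with the message format just described, can be followed end to end in a short sketch. This is an added example, not code from the paper or from PGP. Its assumptions: textbook unpadded RSA over constructed demo keys built from well-known primes, a SHA-256 counter keystream standing in for CAST-128 (which the Python standard library lacks), and hypothetical function names and field widths.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import zlib

RSA_LEN = 64   # fixed width in octets for RSA values (assumption of this sketch)
E = 65537      # public exponent shared by the demo keys


def make_key(p, q):
    # Textbook RSA from two known primes: constructed demo key, unpadded, not for real use.
    n = p * q
    return {"n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}


def key_id(key):
    # Key ID as the text defines it: least significant 64 bits of the public key.
    return (key["n"] & (2**64 - 1)).to_bytes(8, "big")


def stream_xor(k0, data):
    # Stand-in for CAST-128: SHA-256 counter keystream XORed with the data.
    # Reusing K0 would leak plaintext; the text requires one key per message.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(k0 + struct.pack(">Q", off)).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


def sign(data, signer, timestamp):
    # Signature component: timestamp | key ID | leading two octets | E_K1[digest]
    ts = struct.pack(">I", timestamp)
    digest = hashlib.sha1(ts + data).digest()      # digest covers timestamp || data
    sig = pow(int.from_bytes(digest, "big"), signer["d"], signer["n"])
    return ts + key_id(signer) + digest[:2] + sig.to_bytes(RSA_LEN, "big")


def verify_signed(signed, public_ring):
    # Returns (sender key ID, timestamp, data); raises ValueError on any failure.
    if len(signed) < 14 + RSA_LEN:
        raise ValueError("truncated signature component")
    ts, kid, lead = signed[:4], signed[4:12], signed[12:14]
    sig, data = signed[14:14 + RSA_LEN], signed[14 + RSA_LEN:]
    sender = public_ring.get(kid)
    if sender is None:
        raise ValueError("sender key ID is not on the public-key ring")
    recovered = pow(int.from_bytes(sig, "big"), sender["e"], sender["n"])
    if recovered >= 2**160:
        raise ValueError("recovered value is not a 160-bit digest")
    digest = recovered.to_bytes(20, "big")
    if digest[:2] != lead:
        raise ValueError("leading two octets differ: wrong public key")
    if not hmac.compare_digest(digest, hashlib.sha1(ts + data).digest()):
        raise ValueError("digest mismatch: message was altered")
    return kid, struct.unpack(">I", ts)[0], data


def cast_vote(data, voter, authority, timestamp):
    signed = sign(data, voter, timestamp) + data        # 1. sign the uncompressed message
    compressed = zlib.compress(signed)                  # 2. compress signature || message
    k0 = secrets.token_bytes(16)                        # 3. one-time 128-bit session key
    body = stream_xor(k0, compressed)
    wrapped = pow(int.from_bytes(k0, "big"), authority["e"], authority["n"])
    block = key_id(authority) + wrapped.to_bytes(RSA_LEN, "big") + body
    return base64.b64encode(block)                      # 4. radix-64 conversion last


def receive_vote(armored, private_ring, public_ring):
    block = base64.b64decode(armored, validate=True)    # binascii.Error is a ValueError
    recipient = private_ring.get(block[:8])             # select private key by key ID
    if recipient is None:
        raise ValueError("no private key matches the session key component")
    k0 = pow(int.from_bytes(block[8:8 + RSA_LEN], "big"), recipient["d"], recipient["n"])
    if k0 >= 2**128:
        raise ValueError("session key did not unwrap to 128 bits")
    try:
        signed = zlib.decompress(stream_xor(k0.to_bytes(16, "big"), block[8 + RSA_LEN:]))
    except zlib.error as exc:
        raise ValueError("decompression failed: block was altered") from exc
    return verify_signed(signed, public_ring)


# Constructed demo keys from well-known primes (assumptions, not values from the paper).
VOTER = make_key(2**255 - 19, 2**130 - 5)
AUTHORITY = make_key(2**256 - 2**32 - 977, 2**127 - 1)
PUBLIC_RING = {key_id(VOTER): {"n": VOTER["n"], "e": VOTER["e"]}}  # known voter keys
PRIVATE_RING = {key_id(AUTHORITY): AUTHORITY}                      # authority's own pair

if __name__ == "__main__":
    ballot = b"user_id=voter-0001;password=constructed;vote=candidate-B"  # constructed
    armored = cast_vote(ballot, VOTER, AUTHORITY, 1700000000)
    print(receive_vote(armored, PRIVATE_RING, PUBLIC_RING))
```

The tallying side recovers the signer's key ID from the same block as the ballot, so in this message format the authority can link each vote to the key that signed it.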

KEY RINGS: Key IDs are critical to the operation of PGP, and two key IDs are included in any PGP message that provides both confidentiality and authentication. These keys need to be stored and organized in a systematic way for efficient and effective use by all parties. The scheme used in PGP is to provide a pair of data structures at each node, one to store the public/private key pairs owned by that node and one to store the public keys of other users known at this node. These data structures are referred to, respectively, as the private-key ring and the public-key ring. Each row in the private-key ring contains the following entries:

Timestamp: The date/time when this key pair was generated.
Key ID: The least significant 64 bits of the public key for this entry.
Public key: The public-key portion of the pair.
Private key: The private-key portion of the pair; this field is encrypted.
User ID: Typically, this will be the user's e-mail address. However, the user may choose to associate a different name with each pair or to reuse the same User ID more than once.

The private-key ring can be indexed by either User ID or Key ID; later we will see the need for both means of indexing. Although it is intended that the private-key ring be stored only on the machine of the user that created and owns the key pairs, and that it be accessible only to that user, it makes sense to make the value of the private key as secure as possible. Accordingly, the private key itself is not stored in the key ring. Rather, this key is encrypted using CAST-128. The procedure is as follows:
1. The user selects a passphrase to be used for encrypting private keys.
2. When the system generates a new public/private key pair using RSA, it asks the user for the passphrase; a hash code is generated from the passphrase, and the passphrase is discarded.
3. The system encrypts the private key using CAST-128 with the 128 bits of the hash code as the key. The hash code is then discarded, and the encrypted private key is stored in the private-key ring.

Subsequently, when a user accesses the private-key ring to retrieve a private key, he or she must supply the passphrase. PGP will retrieve the encrypted private key, generate the hash code of the passphrase, and decrypt the encrypted private key using CAST-128 with the hash code. This is a very compact and effective scheme. As in any system based on passwords, the security of this system depends on the security of the password. To avoid the temptation to write it down, the user should use a passphrase that is not easily guessed but that is easily remembered.

The public-key ring data structure is used to store public keys of other users that are known to this user. The fields are as follows:

Timestamp: The date/time when this entry was generated.
Key ID: The least significant 64 bits of the public key for this entry.
Public key: The public key for this entry.
User ID: Identifies the owner of this key. Multiple user IDs may be associated with a single public key.

The public-key ring can be indexed by either User ID or Key ID. For simplicity, we ignore compression and radix-64 conversion in the following discussion. We assume that the message is to be both signed and encrypted.

VOTING PHASE: The sending PGP entity performs the following steps:
1. Signing the message
a) PGP retrieves the sender's private key from the private-key ring using your_userid as an index. If your_userid was not provided in the command, the first private key on the ring is retrieved.
b) PGP prompts the user for the passphrase to recover the unencrypted private key.
c) The signature component of the message is constructed.

Dig (6) CASTING OF VOTE References: K1 - private key of voter; Id1 - private ID selection by voter; Id2; H - Hash function applied to given input; EP - public key encryption; DC - symmetric decryption; || - concatenation; K0 - session key; K4 - public key of voting authority; Rng - session key ring

2. Encrypting the message
a) PGP generates a session key and encrypts the message.
b) PGP retrieves the recipient's public key from the public-key ring using her_userid as an index.
c) The session key component of the message is constructed.

Tallying phase: The receiving PGP entity performs the following steps:
1. Decrypting the message
a) PGP retrieves the receiver's private key from the private-key ring, using the Key ID field in the session key component of the message as an index.
b) PGP prompts the user for the passphrase to recover the unencrypted private key.
c) PGP then recovers the session key and decrypts the message.

Dig (7) VOTE RECEPTION Reference: H - Hash function; DC - Symmetric decryption; DP - Public key decryption; K3 - Private key of authority; K0 - Session key; K2 - Public key of voter

2. Authenticating the message
a) PGP retrieves the sender's public key from the public-key ring, using the Key ID field in the signature key component of the message as an index.
b) PGP recovers the transmitted message digest.
c) PGP computes the message digest for the received message and compares it to the transmitted message digest to authenticate.

First the voter creates the message. A hash function is applied to the message. This is encrypted by public key encryption using the private key of the voter. Another copy of the message is concatenated with the previously encrypted message. Now, the concatenated message is compressed using the ZIP function. Using the session key, the compressed message is symmetrically encrypted. In the meantime, public key encryption is applied to the session key using the public key of the server. This encrypted session key and the encrypted message are concatenated. The concatenated message is divided into two parts. The message part is encrypted using the public key of the server and the key part is encrypted using the session key. Thus the encrypted message is securely transmitted to the server using the above protocol. Public key decryption is applied to the key part of the received message using the private key of the server. Now, the message part is decrypted using the session key. Then the message is decompressed. The message part is decrypted using the private key of the voter. The other part is decrypted using the public key of the voter.
